PDA

View Full Version : Unencrypting a S2 4.01b possibility



jimrich35115
07-24-2004, 04:07 PM
I am looking for some general dicussion on this subject. Here is the idea. From what I have read/understand:

1. the encryption of the Tivo streams are done while the tivo is recording
2. The encryption is done by a encryption chip and a key generated unique to the machine
3. tivoapp has a procedure to insure the stream has been encrypted. (taken out by the noscramble tivoapp patch)

With these 3 things in mind I think of the Home Media Option (HMO) where another Tivo will copy the stream from one to the other in order to play it. Using the logic of the above 3 items the 2nd recieving Tivo would have to recieve the stream unencrypted in order to play it with its own unique key. Which may mean that the 1st sending Tivo would have to decrypt it.

If there is software out there that mimics the HMO allowing it to recieve a stream from another Tivo though the same HMO functions. The test would be to see if this stream once received was unencrypted.

The next is to see if you have 2 tivos one functioning with encrypted streams (stock) and the other operating under the Sleeper ISO, with noscramble. If the NoScramble Tivo request via HMO a stream from the Stock Tivo can it first play it and if so is it still encrypted.

Someone let me know if I am crazy....

Waruwaru
07-24-2004, 04:28 PM
With these 3 things in mind I think of the Home Media Option (HMO) where another Tivo will copy the stream from one to the other in order to play it. Using the logic of the above 3 items the 2nd recieving Tivo would have to recieve the stream unencrypted in order to play it with its own unique key. Which may mean that the 1st sending Tivo would have to decrypt it.

Or they could share another key which could decrypt encrypted-streams from the other known Tivo.

Not sure if my memory is reliable, but I seem to recall that rung has thought of another way to decrypt streams by feeding the stream to the Tivo itself somehow... But maybe I was just hallucinating.

alldeadhomiez
07-24-2004, 05:05 PM
The TiVo readsectors/writesectors syscall (Series1) or ioctl (Series2) can specify a 128 bit key to use to descramble/scramble the data involved in the DMA transfer to/from the disk.

To figure out how to log and replay this key, read the unscramble source code and linux/drivers/ide/ide-disk.c.